The knife user subcommand is used to manage the list of users and their associated RSA public key-pairs.

Warning

In versions of the chef-client prior to version 12.0, this subcommand ONLY works when run against the open source Chef server; it does not run against Enterprise Chef (including hosted Enterprise Chef), or Private Chef.

Starting with Chef server 12.0, this functionality is built into the chef-server-ctl command-line tool as part of the following arguments:

user-create

user-delete

user-edit

user-list

user-show

Starting with chef-client version 12.4.1, the knife user functionality is restored for the following arguments: user-edit, user-list, and user-show for Chef server version 12.0 (and higher).

Starting with Chef server 12.4.1, users who are members of the server-admins group may use the user-create, user-delete, user-edit, user-list, and user-show arguments to manage user accounts on the Chef server via the knife user subcommand.

Note

Review the list of common options available to this (and all) knife subcommands and plugins.

Use the create argument to create a user. This process will generate an RSA key pair for the named user. The public key will be stored on the Chef server and the private key will be displayed on STDOUT or written to a named file.

For the user, the private key should be copied to the system as /etc/chef/client.pem.

For knife, the private key is typically copied to ~/.chef/client_name.pem and referenced in the knife.rb configuration file.

Create a client as an admin client. This is required for any user to access Open Source Chef as an administrator. This option only works when used with the open source Chef server and will have no effect when used with Enterprise Chef or Chef server 12.x.

-f FILE_NAME, --file FILE_NAME

Save a private key to the specified file name.

-p PASSWORD, --password PASSWORD

The user password.

--user-key FILE_NAME

The path to a file that contains the public key. If this option is not specified, the Chef server will generate a public/private key pair.

Note

See knife.rb for more information about how to add certain knife options as settings in the knife.rb file.

The expiration date for the public key, specified as an ISO 8601 formatted string: YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.

-f FILE, --file FILE

Save a private key to the specified file name.

-k NAME, --key-name NAME

The name of the public key.

-p FILE_NAME, --public-key FILE_NAME

The path to a file that contains the public key. If this option is not specified, and only if --key-name is specified, the Chef server will generate a public/private key pair.

Generate a new public/private key pair and replace an existing public key with the newly-generated public key. To replace the public key with an existing public key, use --public-key instead.

-e DATE, --expiration-date DATE

The expiration date for the public key, specified as an ISO 8601 formatted string: YYYY-MM-DDTHH:MM:SSZ. If this option is not specified, the public key will not have an expiration date. For example: 2013-12-24T21:00:00Z.

-f FILE, --file FILE

Save a private key to the specified file name. If the --public-key option is not specified, the Chef server will generate a private key.

-k NAME, --key-name NAME

The name of the public key.

-p FILE_NAME, --public-key FILE_NAME

The path to a file that contains the public key. If this option is not specified, and only if --key-name is specified, the Chef server will generate a public/private key pair.
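Generating the key pair on the workstation and supplying only the public half through --public-key means the private key is never produced by the Chef server or echoed to STDOUT. The sketch below is an added example, not part of the Chef documentation: the helper names valid_expiry and make_user_key are hypothetical, it assumes openssl is installed and that the --key-name, --public-key and --expiration-date options described above are passed as `knife user key create USER (options)`, and it prints that command rather than running it.

```shell
#!/bin/sh
# Added example. "alice" and "rotation-2025" in the usage line are constructed
# placeholders, not values from the Chef documentation.

# True only for the documented form YYYY-MM-DDTHH:MM:SSZ with in-range fields.
valid_expiry() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]Z$'
}

# make_user_key DIR USER KEY_NAME EXPIRY
# Creates DIR/USER.pem (private, mode 0600) and DIR/USER.pub, then prints the
# knife command that registers only the public key with an expiration date.
make_user_key() {
    dir=$1; user=$2; key_name=$3; expiry=$4
    if ! valid_expiry "$expiry"; then
        echo "expiration date must look like 2013-12-24T21:00:00Z" >&2
        return 2
    fi
    priv="$dir/$user.pem"
    pub="$dir/$user.pub"
    if [ -e "$priv" ]; then
        echo "refusing to overwrite existing key $priv" >&2
        return 3
    fi
    # Restrict the umask in a subshell so the private key is never created
    # group- or world-readable, not even briefly before a chmod.
    ( umask 077 && openssl genrsa -out "$priv" 2048 2>/dev/null ) || return 1
    # Derive the public half; this is the only file knife needs to read.
    openssl rsa -in "$priv" -pubout -out "$pub" 2>/dev/null || return 1
    printf 'knife user key create %s --key-name %s --public-key %s --expiration-date %s\n' \
        "$user" "$key_name" "$pub" "$expiry"
}

# Usage: make_user_key "$HOME/.chef" alice rotation-2025 2026-01-01T00:00:00Z
```

Because no -f/--file is given and a public key is supplied, the private key exists only in the local file created here.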